The old-school manual system has already been spotted by people affiliated with Sans, a computer security training institute. Readers may remember the system from decades ago, when eight-track tapes and, later, Betamax video, were still the rage. P.F. Chang's servers will be retaining carbon copies of the transactions, according to KrebsOnSecurity reporter Brian Krebs, who first reported the breach three days ago after finding that thousands of newly stolen credit and debit cards for sale in underground forums were all used at the chain.

"At P.F. Chang's, the safety and security of our guests' payment information is a top priority," a statement posted on the chain's website stated. "Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues."

The statement went on to advise customers to monitor their credit card and bank statements and to report any suspicious activity to their card issuers.

According to Krebs, P.F. Chang's is also deploying dial-up card readers that will be plugged in to old-fashioned phone lines and used to process the imprint slips. The chain's shift to a manual system is already prompting jokes that rib a security-through-obscurity approach. In fairness, manual imprints are probably more secure. Just as they are harder for merchants to quickly process in large numbers, they probably are similarly harder for digital thieves to siphon up wholesale.

P.F. Chang's is the latest nationwide chain to be hit by an embarrassing hack that compromised its customers' sensitive data. In November, retailer Target suffered a breach that compromised credit card and personal data for as many as 110 million customers. Like P.F. Chang's, Target has been working with law enforcement agencies to investigate the hack. Unlike P.F. Chang's, Target has continued to process payment card transactions electronically.

Promoted Comments

Of course, almost no one seems interesting on pressing forward with the more secure credit cards employed in other countries and rolling that out as the standard system.

Actually, Visa and MC are doing just that. October of next year, all Visa/MC branded credit cards should be chip-and-pin. Also, the CC companies are changing their chargeback policies. Now, between the bank and the merchant, whomever is using the oldest tech is going to be responsible for the chargeback. That's a huge incentive for merchants to upgrade their systems to support chip-and-pin and beyond, simply so they don't own the chargebacks.

My CC doesn't have raised numbers. It has a chip and the CC number appears in small non-raised characters. How would that work? They'd need to write down the CC number? By hand? The accuracy is going to be an issue.

Doesn't most all of Europe and Canada use credit cards with some special security chip? I know my latest generation of credit cards has this little chip on it already. Isn't it just a matter of getting people to use them?

This is just theater to make customers feel better. This will not actually be more secure. These will retain the entire card number and expiration date, meaning it will be easier to steal your info. It will be corrupt employees who profit though instead of hackers.

Of course, almost no one seems interesting on pressing forward with the more secure credit cards employed in other countries and rolling that out as the standard system.

Actually, Visa and MC are doing just that. October of next year, all Visa/MC branded credit cards should be chip-and-pin. Also, the CC companies are changing their chargeback policies. Now, between the bank and the merchant, whomever is using the oldest tech is going to be responsible for the chargeback. That's a huge incentive for merchants to upgrade their systems to support chip-and-pin and beyond, simply so they don't own the chargebacks.

Of course, almost no one seems interesting on pressing forward with the more secure credit cards employed in other countries and rolling that out as the standard system.

My card from Chase was replaced a month or so ago and now has chip and sign (but not chip and pin). So it does seem like banks are slowly moving. I've yet to see a single retailer that actually using the chip...

Doesn't most all of Europe and Canada use credit cards with some special security chip? I know my latest generation of credit cards has this little chip on it already. Isn't it just a matter of getting people to use them?

RFID chips is what you're referring to, pretty sure.

In Canada they're ridiculously prevalent. The last time I went there (close to a year ago), I had no idea what was going on when people were just tapping their card to the machine. I actually feel more stupid about that now than I did at the time (it was in a Starbucks with lots of people passing by so I didn't really have time to think about it).

Now I feel really young because I don't even know what I'm looking at in that picture.

I only know because there was one used in one of the Home Alone moves (I think it was 2? At some hotel in New York...).

I wonder if they had to get them special made? Most places don't seem to have them just laying around (I went to high school in an area with frequent internet outages, if you went to a restaurant, got a meal, then the internet went out and you only had a card, you got a free meal because they had no other way to process it).

Of course, almost no one seems interesting on pressing forward with the more secure credit cards employed in other countries and rolling that out as the standard system.

Chip and PIN. I think it's finally coming in the next few years. Enough retailers are getting burned by the insecurities of the current system that there's pressure enough for change.

When I worked at a retailer several years back, we had our system go down a few times. It was interesting to see the looks on people's faces when the impression machine was brought out. People in their late 40's and above would get a look of nostalgic recognition. People younger than that would get a look of confused distrust. As if they expected it to rip apart their card, or that this was some sort of elaborate scam.

What will they do for new cards like the chase sapphire that don't have raised number? Why not go to a more modern system that supports NFC and SIM?

My new Chase card (replacing my old Slate) has raised numbers (I don't think the slate did, also the Slate was rotated 90 degrees versus most other cards) and has a chip (but no PIN). NFC was the one thing they removed from my card because (according to the letter from the bank), nobody used it.

Of course, they also switched me from Mastercard to Visa.

As for cards that don't have raised numbers, yeah, they just write the number down. Same way retailers who didn't have the swipe machine used to. You could always just manually fill in the slip. Also note: you have to fill in the amount manually anyway.

Now I feel really young because I don't even know what I'm looking at in that picture.

You know how the card number on your debit/credit card is embossed? You put the card and a special piece of paper which transfers ink based on pressure on the tray of that thing and move the shuttle back and forth. The embossed numbering on the card is pressed against the paper, and the numbers are transferred to the page.

Say it with me folks: financial disincentives. The only incentive for merchants to secure customer information now is brand reputation. Shaken customer loyalty and potential loss of sales sounds scary, but in reality these things are nebulous and hard to quantify.

What would be a lot more certain and real is legislation saying that stores must pay $x in fines for x amount of consumers' information leaked. It's downright unconscionable that we don't have any laws against a laissez faire approach to securing your customers' information.

Doesn't most all of Europe and Canada use credit cards with some special security chip? I know my latest generation of credit cards has this little chip on it already. Isn't it just a matter of getting people to use them?

RFID chips is what you're referring to, pretty sure.

In Canada they're ridiculously prevalent. The last time I went there (close to a year ago), I had no idea what was going on when people were just tapping their card to the machine. I actually feel more stupid about that now than I did at the time (it was in a Starbucks with lots of people passing by so I didn't really have time to think about it).

I was pleasantly surprised with how quickly Canadian merchants switched to chip/PIN terminals. In the past 4 years, it's become rare to find a place that DOESN'T use those types of cards. I'm seriously wondering why US businesses are having such a hard time with this; are people that afraid of spending a little money to be more secure? Or is it a holdover of "They'll steal my soul with the CHIP IN MA BRAIN!!!" thinking?

Doesn't most all of Europe and Canada use credit cards with some special security chip? I know my latest generation of credit cards has this little chip on it already. Isn't it just a matter of getting people to use them?

RFID chips is what you're referring to, pretty sure.

In Canada they're ridiculously prevalent. The last time I went there (close to a year ago), I had no idea what was going on when people were just tapping their card to the machine. I actually feel more stupid about that now than I did at the time (it was in a Starbucks with lots of people passing by so I didn't really have time to think about it).

Doesn't most all of Europe and Canada use credit cards with some special security chip? I know my latest generation of credit cards has this little chip on it already. Isn't it just a matter of getting people to use them?

I got one not too long ago. First time I tried to use it at Wal-Mart, the machine actually yelled at me for swiping and maybe me use the chip reader. I've noticed the cheap reader on a lot more machines now, but none of them seem to be active (I put in my card, but it keeps telling me to swipe). Come to think of it, Wally World is the only place where the chip reader has worked.

My CC doesn't have raised numbers. It has a chip and the CC number appears in small non-raised characters. How would that work? They'd need to write down the CC number? By hand? The accuracy is going to be an issue.

I wonder the same thing. Only one of my cards has the traditional embossed numbering, the others are a cheap feeling printed card that's totally smooth, and a weird one with the number deposited on the backside in some kind of resin. It hasn't been an issue though.

This is just theater to make customers feel better. This will not actually be more secure. These will retain the entire card number and expiration date, meaning it will be easier to steal your info. It will be corrupt employees who profit though instead of hackers.

This. It's far more insecure to have hard copies of card info laying around that employees have access to.

Now I feel really young because I don't even know what I'm looking at in that picture.

have you never been in a taxi?

Would that really be so surprising? I'm almost 23, and I've been in a taxi only three times. Two of those were while I was out of town in a way bigger city. For mid-sized cities or poor cities of any size, public transit or just bumming rides from friends is how you get around.

Of course, almost no one seems interesting on pressing forward with the more secure credit cards employed in other countries and rolling that out as the standard system.

My card from Chase was replaced a month or so ago and now has chip and sign (but not chip and pin). So it does seem like banks are slowly moving. I've yet to see a single retailer that actually using the chip...

Sam's Club is, but I havn't seen anyone hit by these data breaches promising upgrades to a chip and pin implementation.